Summary: CISA has added a high-severity vulnerability linked to the compromised GitHub Action tj-actions/changed-files to its Known Exploited Vulnerabilities (KEV) catalog. Malicious code injected into the action allowed remote attackers to access sensitive data through action logs; the compromise itself may have resulted from a cascading supply chain attack. Users are urged to update to the latest version and apply strict security measures to mitigate the risk.
Affected: tj-actions/changed-files and reviewdog/action-setup GitHub Actions
Key points:
- Vulnerability tracked as CVE-2025-30066 with a CVSS score of 8.6.
- Compromise linked to stolen GitHub Personal Access Tokens allowing unauthorized code modification.
- Affected users are advised to update to version 46.0.1 and audit workflows for suspicious activity.
Source: https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html
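As an added example (not code from the advisory or from either project), the following Python check audits GitHub workflow files for the two affected actions and for any action referenced by a mutable tag or branch rather than a full commit SHA. The action names and fixed tag come from the points above; the sample workflow and its 40-hex SHA are constructed placeholders.

```python
import re

# Actions named in the advisory (a constructed list; extend it for your own org).
AFFECTED_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}
FIXED_TAG = {"tj-actions/changed-files": "v46.0.1"}  # release the advisory points to

# Matches `uses: owner/repo[/path]@ref`, with or without a list dash or quotes.
USES_RE = re.compile(r'^\s*(?:-\s*)?uses:\s*["\']?([\w.-]+/[\w.-]+)(?:/[^@\s"\']+)?@([^\s"\']+)')
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line, action, ref, verdict) for each `uses:` step needing attention:
    any reference to an affected action, and any action pinned by a mutable tag or
    branch instead of a full commit SHA (a tag can be moved upstream, a SHA cannot)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        sha_pinned = bool(FULL_SHA_RE.match(ref))
        if action in AFFECTED_ACTIONS:
            if sha_pinned:
                verdict = "affected action: confirm this SHA is a commit you reviewed"
            elif ref == FIXED_TAG.get(action):
                verdict = "affected action on the advised tag, but tags are mutable: re-pin to its SHA"
            else:
                verdict = "affected action on a mutable ref: update, then pin to a reviewed SHA"
        elif not sha_pinned:
            verdict = "mutable ref: pin to a full commit SHA"
        else:
            continue
        findings.append((lineno, action, ref, verdict))
    return findings

# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@""" + "deadbeef" * 5 + """
      - name: list changed files
        uses: tj-actions/changed-files@v45
      - uses: "reviewdog/action-setup@v1"
      - uses: tj-actions/changed-files@v46.0.1
"""

if __name__ == "__main__":
    print(*audit_workflow(SAMPLE_WORKFLOW), sep="\n")
```

Run it against `.github/workflows/*.yml` to get one line per step that still needs review; the SHA-pinned checkout step is not reported.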